22.7 Legacy Series / Re: LAN DNS resolution fails through OpenVPN when Adguard is enabled
« on: October 26, 2022, 09:13:26 pm »
Problem solved. The problem was caused by two mistakes I made in the configuration.
1) I forgot to activate the “DNS local domain” setting in the OpenVPN server settings and enter the local domain name in that setting. This makes sure that local names get trailed by the local domain for proper resolution.
2) I initially entered the local LAN IP of the local DNS server (192.168.10.254) in the OpenVPN server settings to pass to connected clients as the DNS to use. This actually needs to be the (unassigned) interface address of the ovpns interface that hosts the tunnel network. In my case this is 192.168.20.1, which is automatically set when configuring the tunnel network as 192.168.20.0/24.
These two changes solved the problem. In the AdGuard settings I noticed that AdGuard also listens on 192.168.20.1 next to 192.168.10.254. While I am unsure why it does work properly with 192.168.10.254 set in the OpenVPN server as client DNS without AdGuard installed (DNS local domain needs to be set in both cases), I guess it has something to do with routing between the two networks. As mentioned in my previous post, the DNS request comes in, is forwarded to the local DNS (192.168.10.254:5353), a correct reply is received by AdGuard, but somehow the reply is not sent back from 192.168.10.254 to the client at 192.168.20.x/24. This does work without AdGuard, though... Maybe an AdGuard application issue?
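As an added illustration (not part of the post above), the two mistakes described can be caught by a small check over the OpenVPN server directives that OPNsense renders from the GUI: the pushed `dhcp-option DNS` address must lie inside the tunnel network from the `server` directive, and a `dhcp-option DOMAIN` must be pushed so short names get the local domain appended. The config snippets, the `lan.example` domain and the assumption of subnet topology (first host of the tunnel network is the ovpns interface address) are constructed for this example.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample: the broken state from the post (LAN DNS address pushed
# to VPN clients, no local domain pushed).
BROKEN_CONFIG = """
server 192.168.20.0 255.255.255.0
push "dhcp-option DNS 192.168.10.254"
"""

# Constructed sample: the working state (tunnel interface address as DNS,
# local domain pushed). "lan.example" is a placeholder domain.
FIXED_CONFIG = """
server 192.168.20.0 255.255.255.0
push "dhcp-option DNS 192.168.20.1"
push "dhcp-option DOMAIN lan.example"
"""


def parse_server_config(text: str) -> Dict[str, object]:
    """Extract the tunnel network and the pushed DNS / DOMAIN options."""
    tunnel = None
    dns: List[str] = []
    domain = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'^server\s+(\S+)\s+(\S+)', line)
        if m:
            # "server <network> <netmask>" defines the tunnel network
            tunnel = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            continue
        m = re.match(r'^push\s+"dhcp-option\s+(DNS|DOMAIN)\s+(\S+)"', line)
        if m:
            if m.group(1) == "DNS":
                dns.append(m.group(2))
            else:
                domain = m.group(2)
    return {"tunnel": tunnel, "dns": dns, "domain": domain}


def check_config(text: str) -> List[str]:
    """Return findings; an empty list means both mistakes from the post are absent."""
    cfg = parse_server_config(text)
    if cfg["tunnel"] is None:
        return ["no 'server' directive: tunnel network unknown"]
    tunnel = cfg["tunnel"]
    # Assumption: subnet topology, so the first host is the ovpns interface address.
    expected_dns = tunnel.network_address + 1
    findings: List[str] = []
    if not cfg["dns"]:
        findings.append("no DNS pushed to clients")
    for addr in cfg["dns"]:
        if ipaddress.ip_address(addr) not in tunnel:
            findings.append(f"pushed DNS {addr} is outside the tunnel network {tunnel};"
                            f" expected the ovpns address {expected_dns}")
    if cfg["domain"] is None:
        findings.append("no DOMAIN pushed: short hostnames will not get the local domain appended")
    return findings
```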